A. Technical Field
The present invention relates generally to a secured system, and more particularly, to systems, devices and methods of detecting tampering and preventing unauthorized access by incorporating programmability and randomness in coupling, driving and sensing conductive wires that are arranged above sensitive areas in a secured system.
B. Background of the Invention
A secured system normally refers to an electronic system used for applications that involve trusted operations on valuable assets in a trusted environment. The electronic system may comprise integrated circuits including a central processing unit (CPU) core, memory, and input/output (I/O) peripherals that are used for processing, storing or communicating sensitive data in the secured system. This sensitive data may include account numbers, access codes, private information, financial transactions/balances, rights management, metering data (e.g., energy, units), program algorithms and other information. To date, the secured system has been applied in a wide range of security-critical applications such as electronic banking, commercial transactions, and pay-TV access control, or any application that requires protection of sensitive assets.
A thief or hacker may attempt to gain access to the sensitive data in the secured system through tampering sensitive areas of the integrated circuits (e.g., the CPU core, the memory and the I/O peripheries). The sensitive areas are normally covered by a shielding layer of coating material, and otherwise, the integrated circuit containing the sensitive areas may be encased in a shielding package. During an unauthorized access, the hacker has to probe through the shielding layer or package to gain access to the sensitive areas and data.
In order to detect the unauthorized access, a conventional secured system includes a tampering detection system based on a shielding layer configured as traces of conductive wires covering the sensitive areas. FIG. 1 illustrates an integrated circuit that is covered by traces of conductive wires. A force circuit and a sense circuit are integrated in the underlying integrated circuit. One end of a selected trace may be driven by a known stimulus (e.g., logic high or low), while the other end of the trace is monitored by the sense circuit. When the detected level is inconsistent with the known stimulus, the trace is considered broken or shorted to another trace, and tampering of the shielding layer is detected.
However, this type of detection is easy to bypass, and may not meet stringent security requirements emerging with state-of-the-art secured systems. The above tampering detection method only detects opens or shorts of the conductive traces in the shielding layer. In addition, the hacker may decipher the pattern of the known stimulus, and bypass the trace by applying the stimulus directly on the end for sensing. More straightforwardly, the hackers may even short two ends of the trace to circumvent tampering detection. As hacking techniques get increasingly sophisticated, such a simple tampering detection method cannot serve the objective, and competitive anti-tempering methods have to be introduced at a relatively low cost to prevent unauthorized accesses to a secured system, and particularly, to those involved in lucrative transactions.